Researchers Discover Critical Vulnerabilities in Windows Hello Fingerprint Authentication
TL;DR Summary
Researchers have discovered vulnerabilities in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops, which could allow attackers to bypass Windows Hello authentication. The flaws were found in the fingerprint sensors from Goodix, Synaptics, and ELAN, all of which are "match on chip" (MoC) sensors. The vulnerabilities include sensor spoofing, cleartext transmission of security identifiers, and the lack of support for the Secure Device Connection Protocol (SDCP). To mitigate these attacks, it is recommended that OEMs enable SDCP and have the fingerprint sensor implementation audited by independent experts.
Topics:technology#authentication-security-windows#biometric-authentication#device-security#fingerprint-sensors#vulnerabilities#windows-hello
- New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login The Hacker News
- Microsoft's Windows Hello fingerprint authentication has been bypassed The Verge
- Windows Hello fingerprint security tests failed on top three laptops 9to5Mac
- Researchers have successfully bypassed Microsoft's Windows Hello fingerprint authentication Neowin
- Windows Hello Fingerprint Authentication Bypassed on Popular Laptops SecurityWeek
- View Full Coverage on Google News
Reading Insights
Total Reads
0
Unique Readers
1
Time Saved
3 min
vs 4 min read
Condensed
85%
625 → 95 words
Want the full story? Read the original article
Read on The Hacker News